Cont(r)act

Components run tasks for other components, usually owned by another entity. Having clarity about responsibility with respect to GDPR related restrictions requires formal relations: contracts. They may be simplified by Trusted Third Parties (TTPs) in the network, but there will be more options.

The "contract" may be simple up to very complex. Contracts bundle:

(Anonymized) user information, on need-to-know basis;
Jurisdiction details;
License agreement;
(Anonymized) (micro-)payment agreement;
SLA

Beware: it is up to both client and server whether they come to an agreement for interaction: the MSI standard only specifies how the agreements are represented in the exchanged messages.

User information

TODO

Jurisdictions

TODO

Licenses

TODO

(Micro-)payments

TODO

Service Level Agreements (SLA)

TODO

mark@overmeer.net